Add to CRM logo
  • Home
  • Integrations
  • Pricing
  • Contact

logo

Find verified contact info for your prospects on professional networks and add them to your CRM with 1-click.

Save 4hrs / week on CRM data entry.

Integrations

  • 1CRM
  • ActiveCampaign
  • Agile CRM
  • Airtable
  • Attio
  • CapRaise
  • Capsule CRM
  • Close CRM
  • Copper CRM
  • Fireberry
  • Freshworks
  • Gold-Vision
  • Google Sheets
  • HighLevel
  • HubSpot
  • Insightly
  • Keap
  • Less Annoying CRM
  • Monday CRM
  • Nimble CRM
  • Notion
  • Nutshell CRM
  • Ontraport
  • Pipedrive
  • Pipeline CRM
  • Pipeliner
  • Salesflare
  • Salesmate
  • Solve CRM
  • Spotler
  • Zendesk Sell
  • Zoho
  • CRM Chrome Extensions

How to use CRMs

  • How to Use Zoho CRM in 2026: Setup & Contacts Guide
  • How to Use Zendesk Sell in 2026: Setup & Sales Guide
  • Show all

How to Import Contacts

  • How to Import Contacts into Pipeline CRM
  • How to Import Contacts into Monday.com
  • Show all

How to Merge Duplicates

  • How to Merge Duplicates in ActiveCampaign
  • How to Merge Duplicates in 1CRM
  • Show all

How to Export Contacts

  • How to Export Contacts from Zoho
  • How to Export Contacts from Airtable
  • Show all

Alternatives

  • Finding the Best CRM for Sales Teams A Practical Comparison
  • 6 Best Surfe Alternatives in 2026 (Free & Paid)
  • Show all

How to Find API Keys

  • How to Find Your API Key in Close.com
  • How to Find and Use Your Zoho API Token
  • Show all

Guides

  • 8 Cold Emailing Examples That Actually Get Replies in 2026
  • Top 10 Sales Prospecting Best Practices for 2026
  • Show all

Tools

  • The 12 Best Data Entry Automation Software Solutions for 2026
  • Top 12 Lead Generation Companies To Fuel Your Growth in 2026
  • Show all

Calculators

  • Sales Commission Calculator
  • CRM ROI Calculator
  • Lead Value Calculator
  • Productivity Calculator
  • Sales Pipeline Calculator
  • Show all

Company

  • Affiliate Program
  • Terms and Conditions
  • Privacy Policy
  • Opt Out
  • Legal Notice
  • Cookie policy
  • Security

Add to CRM is not affiliated by, or endorsed with, LinkedIn®, Gmail, Outlook, or any CRM. All trademarks remain property of their respective owners.

Sellframe Ltd © 2026 All Rights Reserved

  • instagram
  • facebook
  • threads
  • twitter
  • youtube
  • tiktok
  • linkedin
Enterprise-grade security for your CRM data

Security at AddToCRM

We protect the CRM credentials and contact data of sales teams worldwide. Security is built into every layer of our platform.

AES-256-GCM

Authenticated encryption

GDPR Compliant

EU, UK & CCPA

MV3 Extension

Modern Chrome security

TLS Everywhere

HSTS with preload

Encryption & Data Protection

Your most sensitive data is protected with industry-standard encryption at every stage.

CRM Credentials

All CRM API keys and OAuth tokens are encrypted with AES-256-GCM authenticated encryption before storage. Credentials are never stored in plaintext. GCM mode provides both confidentiality and integrity verification.

Data in Transit

All connections use TLS 1.2+ with auto-provisioned certificates. We enforce HSTS with preload to prevent protocol downgrade attacks. All API and web traffic requires HTTPS.

Passwords

User passwords are hashed with bcrypt. We enforce minimum password complexity requirements and never store or log plaintext passwords.

Payment Data

All payment processing is handled by Stripe (PCI DSS Level 1 certified). We never see, store, or process credit card numbers. Webhook signatures are cryptographically verified.

Authentication & Access Control

Multiple layers of protection guard access to your account and data.

Account Security

  • Secure session cookies with HttpOnly, Secure, and SameSite attributes prevent cross-site attacks.
  • Google OAuth 2.0 support for passwordless authentication.
  • Brute force protection with per-IP rate limiting on login and signup endpoints.
  • User enumeration prevention returns consistent responses regardless of account existence.

Fraud Prevention

  • Device fingerprint detection limits account creation per device, preventing abuse.
  • Disposable email blocking prevents signups with temporary email addresses.
  • Organization-level data isolation ensures teams only access their own data.
  • Comprehensive audit logging across all CRM operations for complete traceability.

Application Security

Built with defence-in-depth principles across every layer of the stack.

SQL Injection Prevention

All database queries use parameterised prepared statements. No user input is ever concatenated into SQL.

Content Security Policy

A strict CSP is enforced across all routes, blocking inline scripts and restricting resource loading to trusted domains.

Chrome Extension (MV3)

Built on Manifest V3 with the minimum required permissions. UI is fully isolated from host pages.

Error Handling

Generic error messages are returned to clients. Stack traces and internal details are never exposed to end users.

Security Headers

HSTS preload, X-Frame-Options DENY, X-Content-Type-Options nosniff, strict Referrer-Policy, and Permissions-Policy enforced.

Sensitive Data Handling

Passwords and CRM credentials are stripped from all API responses before transmission. Sensitive values are never logged.

Privacy & Compliance

We comply with major data protection regulations worldwide.

Regulatory Compliance

  • GDPR (EU General Data Protection Regulation)
  • UK GDPR
  • CCPA / CPRA (California)
  • PIPEDA (Canada)

Data Practices

  • We never sell personal data
  • Full account deletion on request
  • Enrichment data cached for 30 days only
  • Privacy-friendly analytics (cookieless and EU-hosted)

Data Retention

Data CategoryRetention Period
Account dataDuration of account + 6 months
Enrichment cache30 days
Operation logs12 months
Inactive CRM credentialsAuto-deleted after 90 days of inactivity

Sub-Processors

We use a limited number of trusted third-party services to provide our platform.

ServicePurposeData ProcessedLocation
DigitalOceanInfrastructure hostingAll application dataUS
StripePayment processingBilling dataUS (PCI DSS)
Apollo.ioContact enrichmentProfessional contact dataUS
SalesQLContact enrichmentProfessional contact dataEU
ProspeoContact enrichmentProfessional contact dataEU
BouncerEmail verificationEmail addressesEU
GoogleAuthentication (OAuth)Email, nameUS
PostHogProduct analyticsUsage events (no PII)EU
FathomWebsite analyticsNone (cookieless)EU
MailerSendTransactional emailName, emailEU
MailerLiteEmail marketingName, emailEU

Infrastructure & Business Continuity

Reliable infrastructure with automated recovery and zero-downtime deployments.

Hosting & Availability

  • Automated server backups with redundant storage for disaster recovery.
  • Atomic deployments with timestamped builds and instant rollback capability.
  • Zero-downtime deployments with automatic restart on failure.
  • Health check monitoring on critical endpoints for availability verification.

International Data Transfers

Our primary infrastructure is hosted in the United States. For transfers of personal data from the EU/EEA to the US, we rely on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) as additional safeguards.

Sellframe Ltd. is registered in Scotland, UK. We comply with both EU GDPR and UK GDPR requirements for international data transfers.

Working With Your InfoSec Team

We are transparent about our security posture and happy to work with your team.

Security Questionnaires

We respond to SIG Lite, CAIQ, and custom security questionnaires. We implement the technical controls required by SOC 2 and ISO 27001 frameworks.

Data Processing Agreements

We are happy to review and sign your DPA to formalise our data handling obligations and meet your compliance requirements.

Vulnerability Reporting

We welcome responsible disclosure. If you discover a security issue, please reach out to us directly and we will respond promptly.

Documentation

  • Privacy Policy →
  • Terms of Service →
  • Cookie Policy →

Security Contact

For security inquiries, vulnerability reports, or to request a security questionnaire response:

[email protected] →

Last updated: 24th February 2026